
Identity Crisis
One of the elements of Sign In with Apple that has already rankled developers, though, is Apple’s mandate that app makers implement Sign In with Apple if they have already built Facebook and Google’s login features into their apps. Previously, there was documentation that suggested Apple might even require developers to position the Sign In button above all other options—but that language has since changed in Apple’s human interface guidelines. Now the requirement is simply that the Sign In button can’t be smaller than other options, and the user shouldn’t have to scroll to see it.
Leah Culver, the cofounder and chief technology officer of podcast discovery app Breaker, says she’s “not super happy about [Apple] forcing apps to use a certain type of login, and I think it’s kind of petty.”“The question becomes, just because they control the App Store, should they control the login?” Culver says. She notes that Google doesn’t force Android developers to use Login with Google, something Google confirmed when I asked.Buzz Andersen has been a software engineer for more than 15 years, and, having worked at Apple himself before moving on to companies like Square and Tumblr, admits to being an Apple fan. He says Sign In with Apple is long overdue, and that he personally believes Apple’s offering to be more trustworthy than other options. But even he admits that Apple’s mandate that its sign-in option is offered when other options are present could be a “non-starter” for some developers.“I’ve already heard of people having issues with that, and it is a little heavy-handed,” Andersen says. “Apple is known for being heavy-handed with its ecosystem.”While the option to use a randomized email address is designed to protect consumers, some developers say this could create a dilemma. Will Fischer is a product manager in the emerging technology group at Christie’s, the 253-year-old auction house. He says he’s intrigued by Sign In with Apple for his own personal iPhone use because it’s “absolutely going to make things easier,” but implementing it at work could present complications.“It’s an interesting concept,” says Fischer. “But there’s currently no anonymous checkout in our app—as a company we have to know who we’re transacting with and who we’re selling to. It’s definitely something we would like to assess more fully.”Lauren Goode is a senior writer at WIRED who covers consumer technology.
Basically, apps using Sign In with Apple can request personal information of the user, like an email address, but they can’t demand it. So an app that requires a more granular level of information about someone’s identity, such as an auction app or banking app, may have to simply use their own direct login. (This also means they can’t offer the sign-in options from Google or Facebook, because of Apple’s mandate.)
Not surprisingly, some Android developers also have questions around how Sign In with Apple will work for “edge cases.” Chris Maddern, cofounder and chief product officer of mobile commerce app Button, points out that many developers aren’t just building for iOS but “also for users that span iOS devices, web, and Android devices,” he writes in an email.“This means that on both the web and Android, you’ll need to present this option somehow or risk users not being able to log in. It will be a web-based authentication flow that isn’t exactly seamless,” he says. “Long story short, 99 percent of Android developers aren’t thinking about this at all. But once the ‘Add Sign in with Apple’ requirement hits them because they’ve already had to add it on iOS, they are not going to be thrilled.”
Interestingly enough, Facebook itself—as an app developer on iOS, not as a provider of Login—still isn’t clear on whether it will have to implement Sign In with Apple within its own app. When I asked Google whether it would use Sign In with Apple for its own apps, the company initially wasn’t sure; then later said it would not, since signing into Google’s services does not involve third-party sign-in.
Sign o’ the Times
Some of the issues developers have raised may end up being resolved in the months leading up to the public launch of Apple's sign-in feature, which is supposed to happen this fall. Other gripes may still be very real when it launches. And it might ultimately just mean that developers have to do the extra work to tailor their app around Apple’s requirements.
For example, Culver has relied on Facebook’s social graph to make it easy for people in the Breaker podcast app to connect with their friends; in the case of someone using Sign In with Apple, they’ll have to go through the added step of finding friends in the app.But Kanich, the security researcher from the University of Illinois in Chicago, describes this as part of the ultimate tension that exists between Apple, its developer community, and its customers.He describes Sign In with Apple as a “one-trick pony”—and that’s a good thing from a security perspective, he says. Whereas something like Facebook is a rich application that people use for lots of data sharing, Sign In with Apple is one discrete product without much of a social graph. Which means even if a hacker were able to breach it, the fallout would be limited compared to the Facebook breach.
“This goes back to the fact that Apple is going to maintain more control of your identity,” Kanich says. “And that gives Apple more control, which the third-party app makers don’t like. But the third parties aren’t the customers; the users are the customers. And that’s where that tension will really build.”- A $100M bet that online coaching makes a better boss
- Much @stake: The band of hackers that defined an era
- How Mattel shrinks cars into Hot Wheels
- 10 productivity hacks from WIRED staff
- Why I (still) love tech: In defense of a difficult industry
- 📱 Torn between the latest phones? Never fear—check out our iPhone buying guide and favorite Android phones
- 📩 Hungry for even more deep dives on your next favorite topic? Sign up for the Backchannel newsletter